How to Configure Okta Single Sign-On with OIDC?
Configuring Okta Single Sign-On with OpenID Connect
Okta is an identity and access management platform. Its SSO solution lets users log in to many systems through one centralized authentication flow. This guide explains how to link Noticeable with Okta for Single Sign-On using OpenID Connect (OIDC).
Contents
Supported Features
Requirements
Configuration Steps
Notes
Known Issues/Troubleshooting
Supported Features
Service Provider-initiated login - IdP-initiated login (starting from the Okta dashboard) is not supported for now.
Just-in-Time account creation - Provision new Noticeable accounts for team members without existing access, upon their first SSO sign-in.
Automatic project and role assignment upon account creation - Configure whether new Noticeable accounts get access to existing projects and which role they are assigned.
Requirements
You need to upgrade to our Enterprise plan to enable Single Sign-On.
Configuration Steps
Log in to your Okta account and navigate to the Admin dashboard.
From the Applications menu on the left, select Applications.
The Applications page is displayed. Click the Add Application button.
The Okta catalog is displayed. In the Search field, enter Noticeable and click the corresponding entry that appears in the dropdown list.
At this stage you should see the Noticeable app page description with supported capabilities. Click on the Add button.
General settings for the Noticeable app are displayed. Use the default application label or enter a custom one. For Application visibility, we suggest checking the options Do not display application icon to users and Do not display application icon in the Okta Mobile app since Noticeable supports SP initiated login only. Then, click Next.
The Sign-On Options appear. Select OpenID Connect as the sign-on method and click Done.
The configured Noticeable application opens on the Assignments tab. Use the Assign dropdown button to add the people or groups who will be allowed to sign in to Noticeable via Okta.
Click Sign On in the app menu bar. Copy the value of the Client ID field. We refer to this value as your Okta Client ID when configuring the integration on the Noticeable dashboard in the next section.
Configuring Noticeable
At this stage, you should have an application dedicated to Noticeable configured on Okta. The integration with Noticeable works in 2 steps. First, you create a connection. Second, you link the company domain that users use in their email address to sign in. Based on the domain you configure, when a user enters their email address, Noticeable knows which SSO connection to use.
Creating a connection
Open the Noticeable dashboard.
From the left menu, click on Integrations. A page that lists available integrations appears.
Locate the Single Sign-On integration and click on Configure. The configuration page is displayed.
Click the Add New button on the top right side, then Connection in the dropdown that appears. A form to configure a new connection is shown.
Enter a name in the first input field, for instance Okta.
As connection type select OIDC.
As Client ID, enter the Okta client ID value you copied while applying the Okta configuration steps.
For the Issuer URL value, copy the exact value from the Okta dashboard. Select Security, then API. Under Authorization Servers, identify the authorization server to use and copy its Issuer URI. The org authorization server uses the form https://{yourOktaDomain}, while a custom authorization server (such as the one named default) uses the form https://{yourOktaDomain}/oauth2/{authorizationServerId}. The value must match exactly, including the path, because it is compared against the iss claim of the ID tokens Okta issues.
Select what action to perform Upon Account Creation. By default, when a user from your organization signs in for the first time, an account is automatically created on Noticeable but the user is only assigned as a member of your Noticeable organization; no project access is given. The Upon Account Creation option lets you grant new users access to existing projects without sending an invitation manually for each project under your organization.
Click Create. Your connection is created!
Noticeable supports multiple connections so that if you need to switch between 2 Identity Providers, you can do it without any interruptions.
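The two values the connection is built from are the Issuer URL and the Okta Client ID, and both are checked on every login: the OIDC discovery document fetched from the issuer must report the same issuer, and each ID token's iss must equal it while its aud must contain the client ID. The following script is an added example, not Noticeable's or Okta's code, that performs those checks offline. The issuer https://acme.okta.com/oauth2/default, the client ID, the discovery document and the two ID token payloads are constructed placeholders; the second payload shows what happens when the Issuer URI of a different authorization server (here the org server, without the /oauth2/... path) was pasted into the dashboard.

```python
"""Offline checks for an OIDC connection's Issuer URL and Client ID.
Added example, not Noticeable's or Okta's code; all values are
constructed placeholders, not a real Okta org."""
import time
from urllib.parse import urlsplit

SAMPLE_ISSUER = "https://acme.okta.com/oauth2/default"  # custom authorization server (placeholder)
SAMPLE_CLIENT_ID = "0oaexampleclientid"                 # placeholder Okta Client ID
FIXED_NOW = 1_700_000_000                               # fixed clock so results are reproducible

# Shape of the discovery document Okta serves at
# {issuer}/.well-known/openid-configuration (constructed, abbreviated).
SAMPLE_DISCOVERY = {
    "issuer": SAMPLE_ISSUER,
    "authorization_endpoint": SAMPLE_ISSUER + "/v1/authorize",
    "token_endpoint": SAMPLE_ISSUER + "/v1/token",
    "jwks_uri": SAMPLE_ISSUER + "/v1/keys",
    "id_token_signing_alg_values_supported": ["RS256"],
}

# Constructed ID token payloads: one minted by the authorization server whose
# Issuer URI was configured, one minted by the org authorization server.
GOOD_CLAIMS = {
    "iss": SAMPLE_ISSUER,
    "aud": SAMPLE_CLIENT_ID,
    "sub": "00uexampleuser",
    "email": "jane@acme.com",
    "iat": FIXED_NOW - 10,
    "exp": FIXED_NOW + 3600,
}
WRONG_SERVER_CLAIMS = dict(GOOD_CLAIMS, iss="https://acme.okta.com")


def discovery_url(issuer):
    """OIDC Discovery: metadata lives at issuer + /.well-known/openid-configuration."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_issuer(issuer, discovery):
    """Return the problems with an Issuer URL, given the discovery document fetched from it."""
    problems = []
    parts = urlsplit(issuer)
    if parts.scheme != "https":
        problems.append("issuer must use https")
    if parts.query or parts.fragment:
        problems.append("issuer must not contain a query string or fragment")
    # Discovery rule: the metadata's 'issuer' must equal the URL it was fetched
    # from, and that same value is what every ID token's 'iss' will carry.
    if discovery.get("issuer") != issuer.rstrip("/"):
        problems.append(
            f"discovery issuer {discovery.get('issuer')!r} != configured {issuer!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not discovery.get(key):
            problems.append(f"discovery document lacks {key}")
    return problems


def check_id_token_claims(claims, issuer, client_id, now=None, skew=60):
    """Claim checks a relying party must make on an ID token (OIDC Core 3.1.3.7)
    after verifying its signature against the keys at jwks_uri (not shown here)."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != issuer.rstrip("/"):
        problems.append(f"iss {claims.get('iss')!r} does not match the configured issuer")
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if client_id not in auds:
        problems.append("aud does not contain our client ID")
    if len(auds) > 1 and claims.get("azp") != client_id:
        problems.append("multiple audiences but azp is not our client ID")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] + skew < now:
        problems.append("token is expired or has no exp")
    if not isinstance(claims.get("iat"), (int, float)) or claims["iat"] - skew > now:
        problems.append("iat is missing or in the future")
    if not claims.get("sub"):
        problems.append("sub is missing")
    return problems


if __name__ == "__main__":
    print("discovery URL:", discovery_url(SAMPLE_ISSUER))
    print("issuer problems:", check_issuer(SAMPLE_ISSUER, SAMPLE_DISCOVERY))
    print("good token problems:",
          check_id_token_claims(GOOD_CLAIMS, SAMPLE_ISSUER, SAMPLE_CLIENT_ID, FIXED_NOW))
    print("org-server token problems:",
          check_id_token_claims(WRONG_SERVER_CLAIMS, SAMPLE_ISSUER, SAMPLE_CLIENT_ID, FIXED_NOW))
```

To check a real org, fetch discovery_url(issuer) over HTTPS, pass the parsed JSON to check_issuer, and confirm the list comes back empty before saving the connection; a non-empty list from the org-server token above is the symptom you would see when the Issuer URI copied in step 8 belongs to a different authorization server than the one that mints the tokens.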
Creating and linking a domain
The last configuration step consists of linking your company domain (the one users sign in with) to the connection created in the previous section.
Click the Add New button on the top right side, then Domain in the dropdown that appears. A dialog to link a new domain is shown.
In the Domain name field, enter your company domain, for example acme.com. The domain to specify is the domain users will use in their email address in order to sign-in.
In the Link with connection dropdown, select the connection to link this domain with. If you followed the steps, the connection should be named Okta.
Click Link. A new dialog appears. It asks you to set up a TXT DNS record to prove that you own the domain; without this proof, anyone could route sign-ins for your domain to an identity provider they control.
Add the TXT record at your DNS provider, wait for it to propagate, and click Verify.
That's it. Your domain is verified and linked. You can use SSO to sign-in to Noticeable 🎉
Read our SCIM configuration guide if you need to support user deactivation and reactivation from Okta.
Notes
To start authentication, open the Noticeable dashboard, click Use single sign-on (SSO) instead, enter your company email address and select Continue with SSO.
Known Issues/Troubleshooting
N/A
Updated on: 05/06/2021